Configuring port isolation, Assigning ports to an isolation group, Displaying and maintaining port isolation – H3C Technologies H3C S12500-X Series Switches User Manual

58

Configuring port isolation

The port isolation feature isolates Layer 2 traffic for data privacy and security without using VLANs. You

can also use this feature to isolate the hosts in a VLAN from one another.
The device supports multiple isolation groups, which can be configured manually. The number of ports
assigned to an isolation group is not limited.
Within the same VLAN, ports in an isolation group can communicate with those outside the isolation

group at Layer 2.

Assigning ports to an isolation group

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create an isolation
group.

port-isolate group group-number

N/A

3.

Enter interface view.

•

Enter Layer 2 Ethernet

interface view:

interface interface-type
interface-number

•

Enter Layer 2 aggregate

interface view:
interface bridge-aggregation

interface-number

•

The configuration in Layer 2 Ethernet

interface view applies only to the
interface.

•

The configuration in Layer 2 aggregate

interface view applies to the Layer 2
aggregate interface and its

aggregation member ports. If the

device fails to apply the configuration
to the aggregate interface, it does not

assign any aggregation member port

to the isolation group. If the failure
occurs on an aggregation member

port, the device skips the port and

continues to assign other aggregation
member ports to the isolation group.

4.

Assign ports to the
specified isolation

group.

port-isolate enable group
group-number

No ports are assigned to an isolation
group by default.
You can assign a port to at most one
isolation group. If you execute the

port-isolate enable group command

multiple times, the most recent
configuration takes effect.

Displaying and maintaining port isolation

Execute display commands in any view.